A security researcher at RiskIQ has found a way of identifying the public IP addresses of misconfigured Tor hidden services via SSL certificates.

Millions of people all over the world depend on the Tor network to browse the internet securely and privately every day.

However, Tor is not 100 percent safe from compromise. Tor users can misuse the tools to access the network and give away their identity.

This occurrence is currently being highlighted as an internet security researcher has discovered a new Tor vulnerability.

Yonathan Klijnsma, who is a threat researcher at California-based cybersecurity firm RiskIQ, recently found a way to identify the public IP addresses of misconfigured Tor hidden services.

This discovery highlights the dangers of improperly configuring a Tor hidden service. The main purpose of setting up a darknet site on Tor is to allow the owner of the website to stay anonymous.

However, the site administrator has to configure the web server properly to keep the site anonymized.

Proper configuration means that the web server listens only on localhost (127.0.0.1) as opposed to an IP address that is available to the public via the internet.

As shown in a tweet, Klijnsma found that there are numerous sites on Tor that use SSL certificates and have hidden services accessible via the internet that are not properly configured.

Misconfigured Tor Services a Major Problem

RiskIQ crawls the Internet, and any SSL certificate that it discovered is associated with its hosted IP address.

As such, it took little effort for Klijnsma to associate misconfigured Tor services to their public IP addresses.

The lead researcher stated that he comes across improperly configured servers on a regular basis.

This indicates that there may be a significantly large number of Tor hidden services with exposed public IP addresses.

Millions of people all over the world depend on the Tor network to browse the internet securely and privately every day.

Klijnsma’s findings didn’t seem to go well with some of the Tor users. They felt that Klijnsma’s research was an attack on Tor and similar services.

But the security researcher was quick to clarify the purpose of his research. Through another tweet, he further stated that he seeks to shed some light onto the dangers associated with improperly configuring of a Tor hidden service.

He emphasized on the inherent security differences of setting up the listening host for servers as 127.0.0.1 and 0.0.0.0.

The researcher reiterated the importance of only listening on the former to protect Tor hidden services from exposure.

Tor & SSL Certificates

It is rather ironic that SSL certificates can contribute to a vulnerability in the Tor network. SSL is the backbone of the secure internet, and it serves to protect sensitive information.

The SSL drawback in regard to anonymity here is that the certificates can help to identify the public IP addresses of sites on the dark web.

When the administrator of a Tor hidden service includes an SSL certificate to their website, the .onion domain is associated with the certificate.

If the operator misconfigures the Tor site such that it listens on a public IP address, that certificate with the .onion domain will also be used for the IP address.

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

Dark Web News is a publication dedicated to bringing the latest news about TOR, hidden marketplaces, and everything related to the dark web. We work hard to find and report on the most exciting and relevant dark net news. We also offer help and advice on using the dark net safely and securely.